I'm pretty new to the IIS game. I have an exe file which is being executed once I do http://localhost/cgi/script.exe. But how do I send parameters to the cgi script from the URL parameters? I am thinking about both http://localhost/cgi/script.exe/param1 and http://localhost/cgi/script.exe?query=howdy
Can anyone help? Google hasn't been too helpful.
Use in script session variable QUERY_STRING in PROCESS namespace, like this:
Set wshShell = CreateObject( "WScript.Shell" )
Set wshUserEnv = wshShell.Environment("PROCESS")
WScript.Echo "Your parameters string is: " & wshUserEnv("QUERY_STRING")
Related
I am looking for function in SSJS in XPages instead of "Environ" function.
fileName = "tmpExcel.xls"
bantfile =Environ("Temp") & "\" + fileName + ".xls"
Any suggestion is appreciated.
You can get temporary directory's path on server with SSJS code
var tmpPath = java.lang.System.getProperty("java.io.tmpdir");
It depends on your use case.
For client side enviro, use cookies.
For server side enviro, go for property files.
Be aware - do not use profile documents. They are cached and it makes problems in multithreaded HTTP context.
I have a cucumber step like this (it is not working, but it is a concept):
And (/^I navigate to this url '(.*?)'$/) do |web|
web = $ + 'web' + '_url'
#browser.goto web
end
In a different file, paths.rb, I have this hardcoded URL:
$google_url = http://www.google.com
I want to be able to select that URL, by doing something like this:
And I navigate to this url 'google'
Right now, I have not find a way of selecting the 'real content' of the variable $google_url. Any ideas?
Solution - Using eval (bad idea)
The quickest and most direct solution is to use eval to execute the string to get the variable. However, it is often suggested that eval is a bad idea.
And (/^I navigate to this url '(.*?)'$/) do |web|
url = eval('$' + web + '_url')
#browser.goto url
end
Solution - Create a module and use send
I think a better idea would be to create a module that includes all your path constants. This would be better because (1) you prevent polluting the space with many global variables and (2) using send is safer than eval.
In your paths.rb, you could replace your global variables with a module that can return the different urls:
module Paths
class << self
def google_url()
'http://www.google.com'
end
end
end
You would then use send in your steps to translate the string to a method:
And (/^I navigate to this url '(.*?)'$/) do |web|
url = Paths.send(web + '_url')
#browser.goto url
end
I'm redesigned a login system where I work and currently if someone know the path to a file they may be able to access it even if they are not logged in at all. So far I've researched and come up with 2 ways to prevent this.
Disable anonymous access and have the file brought in by the webpage. This is what I would prefer to do for now since it wouldn't require moving the files around and it seems to be relatively easy to implement. The problem with this is that if I disable anonymous access the file trying to access the document they requires the username/password. Is it possible to have to username/password as part of the ASP file to eliminate this?
The other option is to move the files outside of the website and elsewhere on the server and have the webpage bring in the file similar the first option. I want to eventually get to this method, currently it would take much more time to do this though since we would have to move the files for all of our users as well as change the programs that generate the different reports to output to their new locations.
You could do this with a rewrite rule in IIS.
http://www.iis.net/downloads/microsoft/url-rewrite
You can also do this with a Request Filtering rule in IIS.
http://www.iis.net/configreference/system.webserver/security/requestfiltering/filteringrules/filteringrule/appliesto
"Is it possible to have to username/password as part of the ASP file to eliminate this?"
Yes, if you only want to restrict access to .asp files Session variables tend to be overused in Classic ASP but this is one situation where it is completely appropriate to use one. At the start of all your restricted pages you could have something like
<% If Session("loggedin") <> 1 then Response.Redirect("login.asp") End If %>
Then you need to find a classic asp login script which sets a session variable. Google or Bing should come up with plenty, but here are a couple of links for you
https://web.archive.org/web/20211020121723/https://www.4guysfromrolla.com/webtech/050499-1.shtml
https://web.archive.org/web/20210323190338/http://www.4guysfromrolla.com/webtech/021600-1.shtml
Edit - http server request code. I haven't tested this
Set xml = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")
xml.open "GET","http://fullurlto/yourpdffile.pdf", false, "yourusername", "yourpassword"
xml.send
Response.ContentType = "application/pdf"
Response.write xml.responseText
I found a basis for the code elsewhere on this site but it didn't quite work the way I needed it to.
How To Raise a "File Download" in ASP and prevent hotlink
Dim curUser, curDir, curtype
curUser = Request.QueryString("user")
curDir = Request.QueryString("dir")
curType = Request.QueryString("type")
If curUser = Session("homefolder") Then
Set adoStream = CreateObject("ADODB.Stream")
adoStream.Type = 1
adoStream.Open()
adoStream.LoadFromFile "C:/path/to/" & curUser & curDir
Response.Buffer = true
Response.CharSet = "UTF-8"
Response.Clear
If curType = ".TXT" Then
Response.ContentType = "text/plain"
Else
Response.ContentType = "application/pdf"
End If
Response.flush
Do While Not adoStream.eos
Response.BinaryWrite adoStream.Read(1024 * 8)
Response.flush
Loop
Response.End()
adoStream.close
Set adoStream=nothing
Else
Response.Redirect "denied.asp"
End If
The file is brought in and displayed within the browser. If the user tries to see another user's files they are simply redirected. I'm currently only dealing with PDF and TXT file but it will be easy to add new files types if needed.
I'm working on adding a feature to an old classic asp site and ran into an interesting problem. The following line on the page results in the helpful error "Object required:'' "
strServerName = Request.ServerVariables("server_name")
When I attached a debugger to look at it, Request is in fact Empty, which I don't understand how that can happen? This line exists on several pages and executes with no problems besides this one. In this case, the page is executed by a Redirect from another page.
I've been searching for a solution for a day or so now and haven't been able to locate anything that's been helpful. I'm desperate, any ideas would be greatly appreciated.
Oh, and if any more information is required, please don't hesitate to call me out.
Thanks!
Update 1
As requested, below is the entire code snippet wrapped in <% %> tags. This block exists as first code within the file (named 'order-results-instant.asp'):
<%
strServerName = Request.ServerVariables("server_name")
strServerName = UCase(strServerName)
strServerURL = "http://localhost/cbr"
strServerURLhttps = "https://localhost/cbr"
strConnect = "Provider=SQLOLEDB;Data Source=localhost;Initial Catalog=CBR; Integrated Security=SSPI"
Dim objConn
Dim sql_stmt
Dim rs
%>
Update 2
I've used the following 2 methods to redirect execution to this page - perhaps this can cause the request to be lost?
'Response.Redirect strServerURL & "/order-results-instant.asp?gwstep=1"
Response.Write "<META HTTP-EQUIV=""refresh"" content=""5;URL=" & strServerURL & "/order-results-instant.asp?gwstep=1"">"
Scan through the rest of the code. At the Global level you will find this:-
Dim Request
Rename this variable and its current usage and the Request object attached to the script context will become visible.
On your server is the Active Server Pages Web Service extension allowed (turned on) ?
I copied your code into my test asp file with the following code and it redirected just fine.
<%
strServerName = Request.ServerVariables("server_name")
strServerName = UCase(strServerName)
strServerURL = "http://localhost/"
strServerURLhttps = "https://localhost/"
strConnect = "Provider=SQLOLEDB;Data Source=localhost;Initial Catalog=CBR; Integrated Security=SSPI"
Dim objConn
Dim sql_stmt
Dim rs
Response.Write(strServerName)
if Request.Querystring("test") <> "1" then
Response.Redirect("http://" + strServerName + "/asptest.asp?test=1")
end if
%>
The only real difference is I am adding "http://" to the redirect. Maybe something I did will shed some light to help you solve your issue.
thanks
Does it work if you try to access it at an earlier point in the page?
This is the same question as this but I'm looking for a classic ASP solution.
I have a third party control to provide secure downloads but it expects you to provide the response.contenttype value. I'm trying to have the browser prompt with the following:
Response.AddHeader "Content-Disposition", "attachment;filename=""" & strFileName & """"
However Safari doesn't like any of the suggested content types (does odd things with the file name - like add ".exe" to the end).
application/x-msdownload
application/force-download
So I'd either like to query IIS for the correct content type or find a generic content type that would let the browser figure it out in a somewhat reliable fashion.
Typically the mimemap being used by the site is stored at server level and you can get into permission issues trying to read it. It requires some nasty ADSI code.
Have you tried the standard application/octet-stream as a mime type?
From Reading the server mimemap:
Public Function GetMimeType(ByVal Extension)
Dim oMimeMap
Dim vntMimeType
Dim avntMap()
Set oMimeMap = GetObject("IIS://LocalHost/MimeMap")
If Left(Extension, 1) <> "." Then Extension = "." & Extension
avntMap() = oMimeMap.MimeMap
For Each vntMimeType In avntMap
If vntMimeType.Extension = Extension Then
GetMimeType = vntMimeType.MimeType
Exit For
End If
Next
If GetMimeType = "" Then GetMimeType = "application/octet-stream"
End Function
Note: the code calling GetObject is required to be an Operator in WWW Service Master properties.